hello

Direct access without x-xsrf-token header /api/hello

Check devtools for see request payload

In case you want render csrf token to html page 

CSRF TOKEN: Y4JKgNvX-hzAg3gkCyZ2vVoYRJYGI8rRWEL4